Browser based method of assessing web application vulnerability
First Claim
1. A method of assessing a vulnerability of an active web form during a browsing session, said method comprising the steps of:
browsing the active web form by a user;
monitoring one or more HTTP requests transmitted from said browser to a server during the browsing session by a browser add-on, wherein the one or more HTTP requests result from the user interacting with the active web form;
analyzing by the browser add-on said one or more HTTP requests to detect one or more testable entities;
executing at the server one or more security vulnerability tests for only said one or more testable entities detected while a response page corresponding with the one or more HTTP requests of the active web form is loading during the browsing session;
displaying the results of said one or more security vulnerability tests; and
if the results to the one or more security vulnerability tests are positive, displaying the results of the one or more security vulnerability tests of a previous page corresponding with the active web form on the response page.
Abstract
A novel and useful mechanism and method for assessing the vulnerability of web applications while browsing the application. As a user interacts with the web application, HTTP requests are sent from the browser to the web server. Each HTTP request is analyzed to determine if its associated elements need testing. Vulnerability assessment tests are sent to the server. Test results are then returned to the browser, where they are analyzed, displayed and/or stored in a log file.
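As an added illustration of the browser-side flow the abstract describes (this is not code from the patent or from any product implementing it), the JavaScript below models a browser add-on observing form submissions: it extracts testable entities from each request's query string and URL-encoded body, skips entities already tested in the session, hands new ones to a pluggable test runner that stands in for the server, keeps a results log, and holds positive findings for display on the next response page. The sample traffic, the entity key format and the `constructedServerTests` stand-in are assumptions made for this example; the actual vulnerability tests are the server's and are not shown.

```javascript
// Added example, not code from the patent: a compact model of the browser-side
// coordination the abstract describes. Requests observed by a (hypothetical)
// add-on are parsed into "testable entities" (one per query/form parameter per
// endpoint), entities already tested in this session are skipped, each new entity
// is handed to a pluggable test runner standing in for the server, and results
// are logged and queued for display.

// Constructed sample traffic, as an add-on would observe it. All values are made up.
const SAMPLE_REQUESTS = [
  { method: "GET",  url: "https://app.example/search?q=shoes&page=2" },
  { method: "POST", url: "https://app.example/login",
    contentType: "application/x-www-form-urlencoded", body: "user=alice&pass=hunter2" },
  { method: "GET",  url: "https://app.example/search?q=boots&page=3" }, // same entities as request 1
  { method: "GET",  url: "https://app.example/static/logo.png" },        // no parameters: nothing to test
];

// One testable entity per (method, path, location, parameter name). Parameter
// values are deliberately not part of the key, so re-submitting a form with
// different input does not cause the same field to be tested twice.
function extractEntities(req) {
  const url = new URL(req.url);
  const entities = [];
  const add = (location, name) =>
    entities.push({ method: req.method, path: url.pathname, location, name,
                    key: `${req.method} ${url.pathname} ${location}:${name}` });
  for (const name of url.searchParams.keys()) add("query", name);
  if (req.body && (req.contentType || "").startsWith("application/x-www-form-urlencoded")) {
    for (const name of new URLSearchParams(req.body).keys()) add("body", name);
  }
  return entities;
}

// Per-session coordinator: tracks what has been tested, keeps the log, and
// remembers positive findings so they can be surfaced on the next page loaded.
class SessionAssessor {
  constructor(runTests) {
    this.runTests = runTests;   // (entity) => { positive: boolean, detail: string }; the server's role in the patent
    this.tested = new Set();    // entity keys already sent for testing this session
    this.log = [];              // every result, the "log file" of the abstract
    this.pendingDisplay = [];   // positive findings waiting to be shown on the next response page
  }

  // Called for each observed request; returns the entities that were newly tested.
  observe(req) {
    const fresh = extractEntities(req).filter(e => !this.tested.has(e.key));
    for (const e of fresh) {
      this.tested.add(e.key);
      const result = { ...e, ...this.runTests(e) };
      this.log.push(result);
      if (result.positive) this.pendingDisplay.push(result);
    }
    return fresh;
  }

  // Called once the response page has loaded: hands back the findings to render
  // and clears the queue, so each finding is displayed exactly once.
  resultsForResponsePage() {
    const out = this.pendingDisplay;
    this.pendingDisplay = [];
    return out;
  }
}

// Constructed stand-in for the server's test suite: it "reports" a positive
// result only for the query parameter q on /search. Real tests live on the server.
function constructedServerTests(entity) {
  const positive = entity.path === "/search" && entity.name === "q";
  return { positive, detail: positive ? "finding reported by server (constructed)" : "no finding" };
}

// Replays a sequence of requests through one session and returns what happened.
function runSession(requests = SAMPLE_REQUESTS, runTests = constructedServerTests) {
  const session = new SessionAssessor(runTests);
  const timeline = requests.map(req => ({
    url: req.url,
    newlyTested: session.observe(req).map(e => e.key),
    shownOnResponsePage: session.resultsForResponsePage().map(r => r.key),
  }));
  return { timeline, log: session.log };
}
```

Keying entities by endpoint and parameter name rather than by full request is what keeps the add-on from re-testing the same field every time the user resubmits a form, which is the "only said one or more testable entities detected" condition in the claims; the queue cleared by `resultsForResponsePage` models showing a finding on the page that follows the one that produced it.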
25 Claims
1. A method of assessing a vulnerability of an active web form during a browsing session (independent claim; its full text is given under First Claim above).
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A method of assessing a vulnerability of an active web form during a browsing session, said method comprising the steps of:
browsing the active web form by a user;
monitoring one or more HTTP requests transmitted from said browser to a server during the browsing session by a browser add-on, wherein the one or more HTTP requests result from the user interacting with the active web form;
analyzing by the browser add-on said one or more HTTP requests to detect one or more testable entities;
executing at the server one or more security vulnerability tests for only said one or more testable entities detected, while a response page corresponding with the one or more HTTP requests of the active web form is loading during the browsing session;
saving the results of said one or more security vulnerability tests to a log file; and
if the results to the one or more security vulnerability tests are positive, displaying the results of the one or more security vulnerability tests of a previous page corresponding with the active web form on the response page.
Dependent claims: 10, 11, 12, 13, 14, 15.
16. A computer program product for assessing a vulnerability of an active web form during a browsing session, the computer program product comprising:
a non-transitory computer usable medium having computer usable code embodied therewith, the computer program product comprising:
computer usable code configured for browsing the active web form by a user;
computer usable code configured for monitoring one or more HTTP requests transmitted from said browser to a server during the browsing session by a browser add-on, wherein the one or more HTTP requests result from the user interacting with the active web form;
computer usable code configured for analyzing by the browser add-on said one or more HTTP requests to detect one or more testable entities;
computer usable code configured for executing at the server one or more security vulnerability tests for only said one or more testable entities detected while a response page corresponding with the one or more HTTP requests of the active web form is loading during the browsing session;
computer usable code configured for displaying the results of said one or more security vulnerability tests; and
if the results to the one or more security vulnerability tests are positive, computer usable code configured for displaying the results of the one or more security vulnerability tests of a previous page corresponding with the active web form on the response page.
Dependent claims: 17, 18, 19, 20.
21. A computer program product for assessing the vulnerability of an active web form during a browsing session, the computer program product comprising:
a non-transitory computer usable medium having computer usable code embodied therewith, the computer program product comprising:
computer usable code configured for browsing the active web form by a user;
computer usable code configured for monitoring one or more HTTP requests transmitted from said browser to a server during the browsing session by a browser add-on, wherein the one or more HTTP requests result from the user interacting with the active web form;
computer usable code configured for analyzing by the browser add-on said one or more HTTP requests to detect one or more testable entities;
computer usable code configured for executing by the server one or more security vulnerability tests for only said one or more testable entities detected while a response page corresponding with the one or more HTTP requests of the active web form is loading during the browsing session;
if the results to the one or more security vulnerability tests are positive, computer usable code configured for displaying the results of the one or more security vulnerability tests of a previous page corresponding with the active web form on the response page;
computer usable code configured for saving the results of said one or more security vulnerability tests to a log file; and
computer usable code configured for displaying said log file.
Dependent claims: 22, 23, 24, 25.